Weak passwords can lead to ransomware attacks because they can be easily compromised through password-cracking techniques, allowing cybercriminals to gain access to an organization’s network where they can then inject ransomware.
Often, when people think of the causes of ransomware infections, their first thought is a phishing email. While phishing emails are one of the most common causes of ransomware infection, there are several other ways that ransomware can infect networks and devices, such as through the use of weak passwords.
Continue reading to learn what is considered a weak password and how weak passwords can lead to ransomware attacks.
What’s Considered a Weak Password?
A weak password is any password that doesn’t follow password best practices. Weak passwords have the following characteristics:
- Less than 16 characters long
- Contains common dictionary words and phrases
- Doesn’t include a combination of uppercase and lowercase letters
- Doesn’t include numbers
- Doesn’t include symbols (e.g., $, %, #, *, !, &)
- Contains personal information
- Is reused across multiple accounts
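The characteristics listed above can be turned into an automated check. The following is an added example, not code from the original article or from any vendor: the wordlist is a constructed sample, and the `personal_info` and `used_elsewhere` parameters are hypothetical inputs chosen for illustration.

```python
import string

MIN_LENGTH = 16  # the article's threshold: fewer than 16 characters is weak
# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus a list of known-breached passwords.
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "qwerty", "letmein", "admin"}
# Map common character substitutions back to letters so "P@ssw0rd" matches "password".
LEET = str.maketrans("@013457$!", "aoleastsi")


def weaknesses(password, personal_info=(), used_elsewhere=()):
    """Return the weak-password characteristics from the list that apply.

    personal_info: strings such as names or birth years (hypothetical input).
    used_elsewhere: passwords already protecting the user's other accounts
    (hypothetical input; kept in memory here only for the demonstration).
    """
    found = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)

    if len(password) < MIN_LENGTH:
        found.append("shorter than 16 characters")
    if any(w in lowered or w in normalized for w in COMMON_WORDS):
        found.append("contains a common dictionary word")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        found.append("no mix of uppercase and lowercase letters")
    if not any(c.isdigit() for c in password):
        found.append("no numbers")
    if not any(c in string.punctuation for c in password):
        found.append("no symbols")
    # Ignore very short fragments, which would match almost anything.
    if any(len(p) >= 3 and p.lower() in lowered for p in personal_info):
        found.append("contains personal information")
    if password in used_elsewhere:
        found.append("reused across multiple accounts")
    return found


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Summer2024!", "P@ssw0rd", "vT9#qLm2&Zx7!rKp4w"):
        print(repr(pw), "->", weaknesses(pw) or "no listed weakness")
```

Note that a password such as `Summer2024!` satisfies the uppercase, lowercase, number and symbol rules and is still flagged, because it is short and built on a dictionary word.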
What Is a Ransomware Attack?
A ransomware attack is when cybercriminals install a type of malicious software called ransomware on your device to prevent you from being able to access your stored files and data. Some cybercriminals may even go as far as preventing you from being able to access your entire device. When cybercriminals successfully infect your device with ransomware, a prompt will display on your screen letting you know that the only way to regain access to your device and data is by paying the cybercriminal a specified ransom amount – which is often in the form of cryptocurrency.
There’s no guarantee that paying the ransom will allow victims to regain access to their device or data. Furthermore, if victims do decide to pay the ransom, they often get hit with a follow-on attack since cybercriminals know they’re willing to pay.
Weak Passwords: How They Lead to Ransomware Attacks
Weak passwords are easy for cybercriminals to guess or crack. If a cybercriminal can crack a weak password that secures access to an organization’s network, they’ll be able to inject the network with ransomware.
The compromised credentials that have led to the most ransomware attacks are Remote Desktop Protocol (RDP) credentials. RDP is a network communication protocol that enables users to remotely connect to computers securely. RDP has become increasingly important in remote and hybrid work. However, one major security weakness of RDP is that many users choose weak passwords to secure it. An RDP credential that becomes compromised is a major vector for ransomware attacks.
To prevent RDP credentials from becoming compromised, it’s important to secure them using a strong password that follows password best practices. Rather than relying on employees to create their own passwords, invest in a business password manager that allows IT administrators to enforce the use of strong passwords and Multi-Factor Authentication (MFA).
Additional Risks To Using Weak Passwords
Weak passwords don’t only cause ransomware attacks; they can also lead to Account Takeover (ATO) attacks, data breaches and identity theft.
Account takeover attacks
An account takeover attack happens when cybercriminals compromise the credentials to an online account, which can be due to the use of weak passwords. Once the cybercriminal gains access to the account, they go into the account settings and change the password. By changing the password, the cybercriminal effectively locks the user out of their account. Some cybercriminals even go as far as changing the user’s profile settings, such as replacing the user’s email address or phone number with their own, so there’s no way for the user to regain access to their account.
Once the cybercriminals have locked the user out of their account, they can do what they want, such as stealing personal information or, if they took over a social media account, posting as the user.
Data breaches
A data breach is when a security incident results in customer and employee Personally Identifiable Information (PII) being exposed. Some data breaches also result in the exposure of sensitive company data. Data breaches can happen for a variety of reasons such as man-in-the-middle attacks or when an employee clicks a link or opens an attachment in a phishing email. Data breaches can also occur due to employees using weak passwords for their work accounts and failing to enable MFA.
Identity theft
In addition to account takeover attacks and data breaches, weak passwords can also lead to identity theft for both customers and employees. If a cybercriminal can gain access to a privileged user’s account, such as one for a payroll system, because a weak password secures it, they can steal employee PII, which can result in that employee having their identity stolen.
Depending on the type of information that an organization collects on its customers, a cybercriminal who gains access to where that customer data is stored, because it is secured with a weak password, would also be able to steal customer identities.
Don’t Let Weak Passwords Place You at Risk of Ransomware
Weak passwords can place your organization at a greater risk of suffering a ransomware attack that can lead to financial losses, reputational damage and your organization having to scale back operations due to downtime or repairs. Organizations must have the tools they need to stay secure from common cyber threats like ransomware. One tool all organizations should invest in is a Privileged Access Management (PAM) solution like KeeperPAM™.
KeeperPAM combines Enterprise Password Management (EPM), Keeper Secrets Management (KSM) and Keeper Connection Management (KCM) into one unified platform so organizations can secure their passwords, secrets and remote connections. To learn more about how KeeperPAM can help your organization mitigate the risk of a ransomware attack due to weak passwords, request a demo today.